Introduction
Linux is a multi-user operating system. This means multiple users can use the same Linux computer simultaneously, each with their own private space and files, while also sharing some system resources. This lab will introduce you to the basics of user management and file permissions in Linux, concepts that are crucial for system administration and security.
You will move through these ideas in a practical order: identify users, create a user, manage groups, and then apply file ownership and permission changes. If this is your first time with Linux administration commands, run each command one by one and compare your output with the examples before continuing.
View Current User Information
In Linux, each user has a unique username. Let's start by identifying which user we're currently logged in as.
Open the terminal and enter the following command:
whoami
The whoami command is a simple tool that displays the username of the current user.
You should see output similar to this:
labex:project/ $ whoami
labex
This indicates that you're currently logged in as the user "labex".
Create a New User
Now, let's create a new user. In Linux, creating new users requires administrative privileges. We'll use the sudo command to gain these privileges.
sudo stands for "Superuser Do". It allows regular users to execute commands as the superuser (or root user).
Before we create a new user, let's discuss the concept of primary groups. In Linux, every user belongs to a primary group and can belong to multiple secondary groups. The primary group is typically used as the group owner for files that the user creates.
When you create a new user with adduser, it automatically creates a primary group for that user with the same name as the username. This is called a User Private Group (UPG) scheme.
Enter the following command to create a new user named "jack":
sudo adduser jack
This command will:
- Create a new user named "jack"
- Create a new group named "jack" (the primary group)
- Add the user "jack" to the "jack" group as its primary group
- Create a home directory for jack at /home/jack
You'll be prompted to set a password for jack and provide some additional information. For this lab you can set a simple password (like "password"), then press Enter to accept the default values for the other fields.
Note: When entering the password, you won't see any characters on the screen - this is normal behavior for security reasons. Just type your password and press Enter.
After creating the user, let's confirm that a home directory was created for jack and check jack's primary group:
ls /home
id jack
The id command will show you jack's user ID (UID), primary group ID (GID), and any secondary groups.
Explore User Groups
In Linux, user groups are a way to organize multiple users for permission management. Each user has a primary group and can belong to multiple secondary groups. Let's explore the groups our current user belongs to:
id labex
You should see output similar to:
uid=5000(labex) gid=5000(labex) groups=5000(labex),27(sudo),121(ssl-cert),5002(public)
This shows that:
- The user labex has a user ID (UID) of 5000
- The primary group for labex is also named labex with a group ID (GID) of 5000
- labex belongs to several secondary groups, including sudo, ssl-cert, and public
Now, let's view all groups on the system:
cat /etc/group | sort
The cat command displays file contents, /etc/group is where group information is stored, and | sort sorts the output alphabetically.
To see only groups related to labex, use:
grep "labex" /etc/group
grep is a powerful search tool. This command searches for lines containing "labex" in the group file.
Create a New Group and Add User to It
Let's create a new group called "developers" and add our new user "jack" to this group:
First, create the new group:
sudo groupadd developers
Now, add jack to the developers group:
sudo usermod -aG developers jack
The usermod command modifies user accounts. The -aG option adds the user to a supplementary group.
To verify that jack is now a member of the developers group, use:
groups jack
You should see "developers" listed among jack's groups.
Add a User to the sudo Group
Now that we've created the user jack, let's give him sudo privileges by adding him to the sudo group. But first, let's understand why this is important:
Adding a user to the sudo group allows them to execute commands with superuser or root privileges. This is useful for several reasons:
- Security: It allows the user to perform administrative tasks without logging in as the root user; logging in directly as root is generally considered a security risk.
- Accountability: When users use sudo, their actions are logged, providing an audit trail of administrative actions.
- Convenience: It eliminates the need to switch to the root user account for occasional administrative tasks.
- Granular control: The sudo configuration can be customized to allow specific users to run only certain commands with elevated privileges.
To add jack to the sudo group, use this command:
sudo usermod -aG sudo jack
This command uses usermod to modify the user account. The -aG option means "append to group", so it adds jack to the sudo group without removing him from other groups.
After adding jack to the sudo group, you can verify his group membership with:
groups jack
You should see sudo listed among jack's groups.
By adding jack to the sudo group, we've given him the ability to perform administrative tasks on the system. However, it's important to remember that with great power comes great responsibility. Users with sudo privileges should be trusted and understand the implications of their actions, as they can potentially affect the entire system.
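When you review who holds sudo rights, keep in mind that /etc/group lists only secondary members; an account whose primary GID is the group does not appear on that line. The following is an added example, not part of the original lab: it combines a group file with a passwd file to list every member, and the file contents, the deploy account and GID 5003 are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the lab): who is really in a group?
# The group file lists only secondary members; a user whose primary GID in
# the passwd file matches the group is a member too, and grep on the group file misses it.

# members_of GROUP GROUP_FILE PASSWD_FILE -> sorted usernames on one line
members_of() {
    awk -F: -v grp="$1" '
        FNR == NR {                      # first file: name:passwd:GID:members
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }   # second file: name:passwd:UID:GID:...
        END { for (u in seen) print u }
    ' "$2" "$3" | sort | paste -s -d ' ' -
}

# write_sample DIR: constructed sample files (not real system data)
write_sample() {
    cat > "$1/group" <<'EOF'
labex:x:5000:
jack:x:5001:
sudo:x:27:labex,jack
developers:x:5003:jack
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
labex:x:5000:5000::/home/labex:/bin/zsh
jack:x:5001:5001:,,,:/home/jack:/bin/bash
deploy:x:5002:27::/home/deploy:/bin/sh
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
for g in sudo developers jack; do
    printf '%-10s %s\n' "$g" "$(members_of "$g" "$demo_dir/group" "$demo_dir/passwd")"
done
rm -rf "$demo_dir"
```

On a live system, run members_of sudo /etc/group /etc/passwd to get the same view for local accounts.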
Understanding and Manipulating File Permissions and Ownership
In Linux, file permissions and ownership are crucial for system security. Let's explore these concepts and learn how to manipulate them.
- First, let's examine the current permissions in the /home directory:
ls -l /home
Note: In ls -l, the second character is a lowercase letter l (ell), not the number 1.
You'll see output similar to:
total 8
drwxr-xr-x 2 jack jack 4096 Jul 30 10:00 jack
drwxr-xr-x 5 labex labex 4096 Jul 30 09:55 labex
Let's break down what this means:
- The first character indicates the file type (d for directory, - for regular file)
- The next 9 characters represent permissions for owner, group, and others (in that order)
- r means read permission, w means write permission, and x means execute permission
- The username after these characters is the file owner, followed by the group owner
- Now, let's create a new file and change its ownership:
touch /home/labex/testfile
ls -l /home/labex/testfile
sudo chown jack:jack /home/labex/testfile
ls -l /home/labex/testfile
The touch command creates an empty file. Initially, the file will be owned by labex. We then use chown to change the ownership to jack for both user and group.
Why change ownership? In Linux, file owners have special privileges over their files. By changing ownership, we're giving jack full control over this file.
- Finally, let's modify the file's permissions:
sudo chmod 750 /home/labex/testfile
ls -l /home/labex/testfile
The chmod command changes the file's permissions. The number 750 is a shorthand way to set permissions:
- 7 (owner): Read (4) + Write (2) + Execute (1) = 7
- 5 (group): Read (4) + Execute (1) = 5
- 0 (others): No permissions
This permission set means:
- The owner (jack) can read, write, and execute the file
- Members of the jack group can read and execute the file
- Others have no permissions on the file
Why set these permissions? This is a common permission set that allows the owner full access, gives the group limited access, and restricts access for everyone else. It's a balance between usability and security.
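To check a mode before or after running chmod, it helps to convert between the permission string that ls -l prints and the octal digits. The following is an added example, not part of the original lab; the function names are hypothetical, and setuid, setgid and sticky bits are not reported.

```shell
#!/bin/sh
# Added example (not from the lab): decode ls -l permission strings into
# the octal digits chmod takes, and back.

# perm_to_octal "drwxr-xr-x" -> 755 (first character is the file type)
perm_to_octal() {
    printf '%s\n' "$1" | awk '{
        mode = ""
        for (i = 0; i < 3; i++) {            # owner, group, others
            t = substr($1, 2 + 3 * i, 3)
            d = 0
            if (substr(t, 1, 1) == "r") d += 4
            if (substr(t, 2, 1) == "w") d += 2
            if (substr(t, 3, 1) ~ /[xst]/) d += 1   # s and t also imply execute
            mode = mode d
        }
        print mode
    }'
}

# octal_to_perm 750 -> rwxr-x---
octal_to_perm() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 1; i <= 3; i++) {
            d = substr($1, i, 1) + 0
            out = out (d >= 4 ? "r" : "-")
            out = out (d % 4 >= 2 ? "w" : "-")
            out = out (d % 2 == 1 ? "x" : "-")
        }
        print out
    }'
}

# ls_summary "<one line of ls -l output>" -> "<type> <octal> <owner>:<group>"
ls_summary() {
    set -f; set -- $1; set +f                # split the line on whitespace
    case $1 in d*) kind=directory ;; -*) kind=file ;; *) kind=other ;; esac
    printf '%s %s %s:%s\n' "$kind" "$(perm_to_octal "$1")" "$3" "$4"
}

# A line taken from the sample ls -l output in this lab.
ls_summary "drwxr-xr-x 2 jack jack 4096 Jul 30 10:00 jack"
# A real temporary file, to check the decoder against chmod itself.
tmp=$(mktemp) && chmod 750 "$tmp"
ls_summary "$(ls -l "$tmp")"
rm -f "$tmp"
```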
Understanding file permissions and ownership is crucial in Linux. It allows you to control who can read, modify, or execute files, which is fundamental to system security and user privacy. As you continue working with Linux, you'll find yourself frequently using these commands to manage access to files and directories.
Summary
Congratulations! You've completed the Linux User Group and File Permissions lab. You've learned how to:
- View user information
- Create new users and understand primary groups
- Explore and modify user groups
- Create new groups and add users to them
- Grant sudo privileges to users
- View and understand file permissions
- Change file ownership
- Modify file permissions
These skills are fundamental for managing users and securing files in a Linux environment. As you continue your Linux journey, you'll find these concepts essential for system administration and security.



